Back to skill

Security audit

network-ai-huawei-cloud-iam-query

Security checks across malware telemetry and agentic risk

Overview

The skill advertises IAM-only read-only Huawei Cloud queries, but its instructions describe broader cloud resource querying and automatic credential-backed script execution that is not actually packaged.

Review this before installing. It asks for Huawei Cloud credentials and claims to run read-only SDK queries, but the published package does not include the referenced scripts or guides and its body describes a broader cloud inventory tool than the IAM-only name suggests. Install only if you intended a broader Huawei Cloud query workflow and can verify the missing scripts and credential handling from a trusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The manifest presents this as an IAM-only read-only identity query skill, but the body documents a generic Huawei Cloud resource query capability spanning non-IAM services such as compute, disks, images, and networks. This scope mismatch can mislead routing and trust decisions, causing the agent to invoke a much broader execution surface than the user or platform expects.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The instructions authorize execution of service-specific scripts under arbitrary `scripts/<service_category>/` paths, which contradicts the declared IAM-only purpose and effectively delegates behavior to any packaged service script. In a skill system that executes local scripts, this increases the reachable code surface and creates an opportunity for unintended or over-privileged actions outside the advertised domain.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The title and overview describe a generic Huawei Cloud resource query skill rather than an IAM-specific identity-query skill. This inconsistency weakens operator understanding, review accuracy, and policy enforcement, making it easier for a broader-capability skill to bypass expectations set by the manifest.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list contains broad generic terms such as `identity`, `policy`, and `agency`, which can cause accidental invocation in unrelated contexts. Because the skill executes local scripts after invocation, overly broad matching increases the chance of unnecessary credential use, environment checks, and exposure to a broader script surface.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.